I find it hilarious people are still choosing terrible passwords to protect their online accounts.
The massive LinkedIn hack is the latest in the example that proves people are absolutely awful at picking passwords. The data breach leaked 167 Million usernames and passwords online, out of which "123456" was used by more than 750,000 accounts, followed by "LinkedIn" (172,523 accounts), and "password" (144,458 accounts).
In a typical authentication mechanism, two-factor verification is the second layer of security that is designed to ensure that you are the only person who can access your account, even if someone knows your password.
Now Instead of just relying on uniquely generated PINs, Google intends to use your biometrics data – like your typing patterns, your current location, and more – to strengthen the second layer of authentication with a better, automatic and trustworthy approach.
Project Abacus: Password-free Logins
Trust API was first developed under the codename Project Abacus, which was introduced last year at Google I/O 2015 when the company announced that it was working on a new password-less authentication method for Android devices.
Project Abacus is a system that opts for biometrics over two-factor authentication.
A while ago, the company implemented a similar idea, called "Smart Lock," on devices running Android 5.0 and higher.
Smart Locks automatically locks or unlocks your device when you are in a trusted location, or when your device recognizes your facial characteristics or have a secure Bluetooth device connected.
This Trust API is an upgraded and advanced version of Smart Lock. Trust API works by using the phone's sensors to collect data about you such as your voice, typing patterns, the particular times and locations you might use an app, and even facial recognition to derive a "Trust Score".
This Trust Score is then used to authenticate you without any need to enter a password or PIN, the head of Google’s Advanced Technology and Projects (ATAP) unit Daniel Kaufman said Friday at its Google I/O developer conference.
In case your Trust Score is not high enough, apps could revert to asking users for their passwords.
However, the company also said previously that different apps could require different Trust Scores. For example, your bank could require a higher score than a gaming app.
This Trust Score is the new "Trust Score API" or "Trust API" that the company hopes to put in developers' hands by the end of the year.